From 7f2f12c18eb19e3629d060a57c086c4e7e4412ea Mon Sep 17 00:00:00 2001 From: Guido Guenther Date: Fri, 4 Nov 2005 12:56:17 +0000 Subject: import --- README | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 README (limited to 'README') diff --git a/README b/README new file mode 100644 index 0000000..1e431ae --- /dev/null +++ b/README @@ -0,0 +1,40 @@ +The purpose of this module is to call an external program. This can e.g. be +used to call a lockout process, that locks out a user after multiple failed +login attempts, a script that logs usernames to a file or whatever you can +think of. The program gets called as: + + program pam_function user=... ruser=... rhost=... tty=... service=... + +Where pam_function is either pam_authenticate, pam_setcred, pam_acct_mgmt, +pam_open_session, pam_close_session or pam_chauthtok (see below). It returns +PAM_IGNORE on success (since it doesn't want to affect the authentication +process) on "success" and tries to report errors properly otherwise. + +Recognized arguments: + + exec= Program to execute + debug Print debuging information + +module services provided: + + auth _authenticate and _setcred (blank) + acct _acct_mgmt [mapped to _authenticate] + session _open_session and + _close_session [mapped to _authenticate ] + password _chauthtok [mapped to _authenticate] + + +Example: + Put this in /etc/pam.d/su to log all the available information to /root/dump + on failed su attempts: + + auth [success=1] pam_unix.so nullok_secure + auth required pam_exec.so exec=/root/dumpit debug + auth required pam_permit.so + + where /root/dumpit is a shell script: + + #!/bin/sh + echo "$@" > /root/dump + + -- Guido Guenther Fri, 4 Nov 2005 13:32:15 +0100 -- cgit v1.2.3